CVE-2007-5268

Priority
Description
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 uses (1) logical
instead of bitwise operations and (2) incorrect comparisons, which might
allow remote attackers to cause a denial of service (crash) via a crafted
PNG image.
Notes
 jdstrand> given medium because of wide install base
 jdstrand> bug (1) is said to have been introduced in 1.2.19. Looking at
  pngrtran.c in 1.2.8 and 1.2.15 (as included in Ubuntu), the vulnerable code
  is not present
 jdstrand> bug (2) still applies to 1.2.15, but not 1.2.8
 jdstrand> reducing to negligible as pngset.c change should not do anything
Assigned-to
jdstrand
Package
Upstream: released (1.0.29 and 1.2.21)
More Information

Updated: 2019-03-19 11:43:53 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)